?
Solved

Disallow RDP access to certain accounts which are part of Domain Admins

Posted on 2013-11-10
4
Medium Priority
?
390 Views
Last Modified: 2014-02-26
Hi,

We have several 100 servers and we have few accounts used as a service account on these servers.  It is a requirement by the application for these service accounts to be member of Domain Admins Group.

I would like to prevent some of the service accounts RDP access on all our servers.  What is the quickest way of accomplishing this?  Can I do something on the user level like Deny RDP Access etc.??

Help please.
0
Comment
Question by:fais79
  • 2
4 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39638096
You can do this via GPO. Remember that this change can be reverted back with this account as it is a domain admin account.

Not recommend but can be done via GPO.

Deny RDP access - http://technet.microsoft.com/en-us/library/cc737453(WS.10).aspx

Will.
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 2000 total points
ID: 39638102
0
 
LVL 59

Expert Comment

by:McKnife
ID: 39638620
Before we leave it unquestioned... :)
Why would you need to have those accounts setup as domain admins? Normally, you would use service accounts and assign/delegate just some privileges to them and not the whole lot.
0
 
LVL 59

Expert Comment

by:McKnife
ID: 39877784
Please respond or finalize it, this question is growing old :)
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

584 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question